You can use the Jython scripting language to manage security
realm configurations with the wsadmin tool. Use the commands and parameters
in the SecurityRealmInfoCommands group to query and manage trusted
realms.
Avoid trouble: If you use LocalOS
as the active user registry, verify that the users and groups used
by the commands in the SecurityRealmInfoCommands command group have
a valid OMVS segment.
Use the following commands to manage
trusted realms in your security configuration:
addTrustedRealms
The addTrustedRealms command adds a realm or list of realms to the list
of trusted realms for global security or in a security domain.
Target object
None.
Required parameters
- -communicationType
- Specifies whether to add the trusted realms to inbound or outbound communication.
Specify inbound to configure inbound communication.
Specify outbound to configure outbound communication.
(String)
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. If you
do not specify a value for this parameter, the command uses the global
security configuration. (String)
- -realmList
- Specifies a realm or list of realms to configure as trusted realms.
(String)
Separate each realm in the list with the pipe character
(|) as the following example demonstrates: realm1|realm2|realm3
Return value
The command does not return output.
Batch mode example usage
- Using Jython string:
AdminTask.addTrustedRealms('-communicationType inbound -securityDomainName testDomain')
- Using Jython list:
AdminTask.addTrustedRealms(['-communicationType', 'inbound', '-securityDomainName', 'testDomain'])
Interactive mode example usage
- Using Jython:
AdminTask.addTrustedRealms('-interactive')
configureTrustedRealms
The configureTrustedRealms command configures trusted realms. Use this
command to replace the list of trusted realms and to clear each realm
from the list. To add realms to the trusted realm list, use the addInboundTrustedRealm
command.
Target object
None.
Required parameters
- -communicationType
- Specifies whether to configure the security domains, realms, or
global security configuration for inbound or outbound communication.
Specify inbound to configure inbound communication.
Specify outbound to configure outbound communication.
(String)
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. If you
do not specify a value for this parameter, the command uses the global
security configuration. (String)
- -realmList
- Specifies a list of realms to configure as trusted realms. (String)
Separate
each realm in the list with the pipe character (|)
as the following example demonstrates: realm1|realm2|realm3
- -trustAllRealms
- Specifies whether to trust all realms. Specify true to
trust all realms. If you specify true for this parameter,
the command does not use the -realmList parameter. (Boolean)
Return value
The command does not return output.
Batch mode example usage
- Using Jython string:
AdminTask.configureTrustedRealms('-communicationType inbound -realmList realm1|realm2|realm3')
- Using Jython list:
AdminTask.configureTrustedRealms(['-communicationType', 'inbound', '-realmList', 'realm1|realm2|realm3'])
Interactive mode example usage
- Using Jython string:
AdminTask.configureTrustedRealms('-interactive')
listRegistryGroups
The listRegistryGroups command displays the groups in the user registry
that belong to the security realm, security domain, or resource name
of interest.
Target object
None.
Optional parameters
- -securityRealmName
- Specifies the name of the security realm of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive.
Do not specify more than one of these parameters. (String)
- -resourceName
- Specifies the name of the resource of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive.
Do not specify more than one of these parameters. (String)
- -securityDomainName
- Specifies the name of the security domain of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive.
Do not specify more than one of these parameters. (String)
- -displayAccessIds
- Specifies whether to display the access IDs for each group. Specify true to
display the access ID and group name for each group that the command
returns. (Boolean)
- -groupFilter
- Specifies a filter that the command uses to query for groups.
For example, specify test* to return groups that
begin with the test string. By default, the command
returns all groups. (String)
- -numberOfGroups
- Specifies the number of groups to return. The default number of
groups that the command displays is 20. (Integer)
Return value
The command returns an array of group names. If you specify the -displayAccessIds
parameter, the command returns an array of attribute lists that contain
the group name and group access ID.
Batch mode example usage
- Using Jython string:
AdminTask.listRegistryGroups('-securityDomainName myTestDomain -groupFilter test* -numberOfGroups 10')
- Using Jython list:
AdminTask.listRegistryGroups(['-securityDomainName', 'myTestDomain', '-groupFilter', 'test*', '-numberOfGroups', '10'])
Interactive mode example usage
- Using Jython:
AdminTask.listRegistryGroups('-interactive')
Avoid trouble: If you list
the groups in the user registry that belong to the security realm,
security domain, or resource name of interest, you must ensure that
you add an OMVS segment (where the user and group information is
stored) to any group that you want to use with WebSphere® Application
Server.
listRegistryUsers
The listRegistryUsers command displays the users in the user registry
for a specific security realm, resource name, or domain name.
Target object
None.
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive.
Do not specify more than one of these parameters. If you do not specify
the securityDomainName, resourceName, or securityRealmName parameter,
the system uses the active user registry from the global security
configuration. (String)
- -resourceName
- Specifies the name of the resource of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive.
Do not specify more than one of these parameters. If you do not specify
the securityDomainName, resourceName, or securityRealmName parameter,
the system uses the active user registry from the global security
configuration. (String)
- -securityRealmName
- Specifies the name of the security realm of interest. The securityDomainName,
resourceName, and securityRealmName parameters are mutually exclusive.
Do not specify more than one of these parameters. If you do not specify
the securityDomainName, resourceName, or securityRealmName parameter,
the system uses the active user registry from the global security
configuration. (String)
- -displayAccessIds
- Specifies whether to display the access IDs for each user. Specify true to
display the access ID and user name for each user that the command
returns. (Boolean)
- -userFilter
- Specifies the filter that the command uses to query for users.
For example, specify test* to display each user
name that starts with the test string. By default,
the command returns all users. (String)
- -numberOfUsers
- Specifies the number of users to return. The default number of
users that the command displays is 20. (Integer)
Return value
The command returns an array of user names. If you specify the -displayAccessIds
parameter, the command returns an array of attribute lists that contain
the user ID and user access IDs.
Batch mode example usage
- Using Jython string:
AdminTask.listRegistryUsers('-securityRealmName defaultWIMFileBasedRealm -displayAccessIds true')
- Using Jython list:
AdminTask.listRegistryUsers(['-securityRealmName', 'defaultWIMFileBasedRealm', '-displayAccessIds', 'true'])
Interactive mode example usage
- Using Jython:
AdminTask.listRegistryUsers('-interactive')
Avoid trouble: If you list
the users in the user registry for a specific security realm, resource
name, or domain name, you must ensure that you add an OMVS segment
(where the user and group information is stored) to any user that
you want to use with WebSphere Application Server.
listSecurityRealms
The listSecurityRealms command displays each security realm from global
security configuration and the security domains.
Target object
None.
Return value
The command returns an array of realm names.
Batch mode example usage
- Using Jython string:
AdminTask.listSecurityRealms()
- Using Jython list:
AdminTask.listSecurityRealms()
Interactive mode example usage
- Using Jython:
AdminTask.listSecurityRealms('-interactive')
listTrustedRealms
The listTrustedRealms command displays a list of trusted realms for a
security domain, resource, or realm. If you do not specify a security
domain, resource name, or realm name, then the command returns a list
of trusted realms from the global security configuration. The securityRealmName,
resourceName, and securityDomainName parameters are mutually exclusive.
Target object
None.
Required parameters
- -communicationType
- Specifies whether to list the trusted realms for inbound or outbound
communication. Specify inbound to configure inbound
communication. Specify outbound to configure outbound
communication. (String)
Optional parameters
- -securityRealmName
- Specifies the name of the security realm of interest. If you use this
parameter, do not use the resourceName or securityDomainName parameters.
(String)
- -resourceName
- Specifies the name of the resource of interest. If you use this
parameter, do not use the securityRealmName or securityDomainName
parameters. (String)
- -securityDomainName
- Specifies the name of the security domain of interest. If you
use this parameter, do not use the resourceName or securityRealmName
parameters. (String)
- -expandRealmList
- Specifies whether to return each realm name when the trustAllRealms
property is enabled. Specify true to return each
realm name. Specify false to return the trustAllRealms
property. (Boolean)
- -includeCurrentRealm
- Specifies whether to include the current realm in the list of
trusted realms. Specify true to include the current
realm, or specify false to exclude the current realm
from the list of trusted realms. (Boolean)
Return value
The command returns an array of trusted realm names. If the realm, resource,
or security domain of interest is configured to trust all realms,
the command returns the trustAllRealms string.
Batch mode example usage
- Using Jython string:
AdminTask.listTrustedRealms('-communicationType inbound -resourceName myApplication')
- Using Jython list:
AdminTask.listTrustedRealms(['-communicationType', 'inbound', '-resourceName', 'myApplication'])
Interactive mode example usage
- Using Jython:
AdminTask.listTrustedRealms('-interactive')
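Added example (not part of the original documentation or IBM's code): an audit that calls listTrustedRealms for each scope and direction, flags any scope that trusts all realms or trusts a realm outside an approved list, and builds the configureTrustedRealms arguments that replace the list. Assumptions: AdminTask returns the realm array as one string with one name per line, the script is given the wsadmin AdminTask object as admin_task, and FakeAdminTask with its realm data is constructed sample input.

```python
# Added example, not IBM's code. Inside wsadmin, pass the built-in AdminTask
# object as admin_task; FakeAdminTask below is a constructed stand-in.
TRUST_ALL = 'trustAllRealms'

def trusted_realms(admin_task, comm_type, domain=None):
    """Return the trusted realm names for one scope as a list."""
    args = ['-communicationType', comm_type, '-expandRealmList', 'false']
    if domain:  # omit the parameter to query the global security configuration
        args += ['-securityDomainName', domain]
    raw = admin_task.listTrustedRealms(args) or ''
    # Assumption: the array comes back as one string, one realm name per line.
    return [name.strip() for name in raw.splitlines() if name.strip()]

def audit(admin_task, approved, domains=(None,)):
    """Flag scopes that trust all realms or trust a realm not in approved."""
    findings = []
    for domain in domains:
        for comm_type in ('inbound', 'outbound'):
            realms = trusted_realms(admin_task, comm_type, domain)
            scope = (domain or 'global', comm_type)
            if TRUST_ALL in realms:
                findings.append(scope + ('trusts all realms',))
            for realm in realms:
                if realm != TRUST_ALL and realm not in approved:
                    findings.append(scope + ('unapproved realm ' + realm,))
    return findings

def replacement_args(comm_type, approved, domain=None):
    """Arguments for configureTrustedRealms that replace the trusted list."""
    args = ['-communicationType', comm_type, '-realmList', '|'.join(approved)]
    if domain:
        args += ['-securityDomainName', domain]
    return args

class FakeAdminTask:
    """Constructed sample data so the audit also runs outside wsadmin."""
    data = {('inbound', None): 'realm1\nrealm2',
            ('outbound', None): TRUST_ALL,
            ('inbound', 'testDomain'): 'realm1\npartnerRealm',
            ('outbound', 'testDomain'): ''}
    def listTrustedRealms(self, args):
        domain = None
        if '-securityDomainName' in args:
            domain = args[args.index('-securityDomainName') + 1]
        return self.data[(args[1], domain)]

SAMPLE_FINDINGS = audit(FakeAdminTask(), ['realm1', 'realm2'], (None, 'testDomain'))
```

In wsadmin, call audit(AdminTask, approved_list, domains) and review the findings before passing replacement_args(...) to AdminTask.configureTrustedRealms.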
removeTrustedRealms
The removeTrustedRealms command removes realms from a trusted realm list
in a security domain or in the global security configuration.
Target object
None.
Required parameters
- -communicationType
- Specifies whether to remove trusted realms from inbound or outbound
communication. Specify inbound to configure inbound
communication. Specify outbound to configure outbound
communication. (String)
- -realmList
- Specifies a list of realms to remove from trusted realms. (String)
Separate
each realm in the list with the pipe character (|)
as the following example demonstrates: realm1|realm2|realm3
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. If you
do not specify a security domain, the command uses the global security
configuration. (String)
Return value
The command does not return output.
Batch mode example usage
- Using Jython string:
AdminTask.removeTrustedRealms('-communicationType inbound -realmList realm1|realm2|realm3')
- Using Jython list:
AdminTask.removeTrustedRealms(['-communicationType', 'inbound', '-realmList', 'realm1|realm2|realm3'])
Interactive mode example usage
- Using Jython:
AdminTask.removeTrustedRealms('-interactive')
unconfigureTrustedRealms
The unconfigureTrustedRealms command removes the trusted realm object
from the configuration.
Target object
None.
Required parameters
- -communicationType
- Specifies whether to unconfigure the trusted realms for inbound
or outbound communication. Specify inbound to remove
inbound communication configurations. Specify outbound to
remove outbound communication configurations. (String)
Optional parameters
- -securityDomainName
- Specifies the name of the security domain of interest. If you
do not specify a security domain, the command uses the global security
configuration. (String)
Return value
The command does not return output.
Batch mode example usage
- Using Jython string:
AdminTask.unconfigureTrustedRealms('-communicationType inbound -securityDomainName testDomain')
- Using Jython list:
AdminTask.unconfigureTrustedRealms(['-communicationType', 'inbound', '-securityDomainName', 'testDomain'])
Interactive mode example usage
- Using Jython string:
AdminTask.unconfigureTrustedRealms('-interactive')